IS Session management

, , ,
1

I’ve been working with IS since v4.6. We are currently in the processes of upgrading to v7.1 and we have a tomcat (jsp) based application that I’m struggling with session control. The reason I posted this in the Architecture section is that session control, from an architecture standpoint seems broken.

Example: when I login to the admin panel (typical port 5555 admin screen) and look at total sessions in the statistics page, I see my user id logged in (sometimes several time) which tells me that I have calls to the system from both my web based admin screen as well as via developer which I typically have a session (or two, three, etc.) open.

The root of my issues is that the session ID that is visible in the admin panel is unable to be referenced from a tomcat based jsp. I found a neat java snippet that pulls this info for me, but I can’t seem to get the same session ID that I have from the admin page. Please note that I’m using tabbed browsing which carry’s the same session ID over from tab to tab so long as you are visiting the same host (I’ve tested this).

Hopefully, this isn’t talking in circles too much but I need to find a service (or build one) that can reference the session ID that is established when I pull up a JSP (the box that pops up for login credentials). Does anyone know of such a service?

Thanks in advance!

2

I remember there was some error with session handling solved in one of the Core fixes.

Did you install IS 7.1.2 without fixes?

If you are starting your migration, I would install directly the 7.1 SP3 (7.1.3) which is already available from the installer.

Test with 7.1.3 and this problem should go away! :slight_smile:

3

Let me check on that with our administrator. He’s been taking care of the patches.

Thanks for the find!

4

Thanks DevNull43,

I’ve read the release and there are references to session information (namely related to SOAP calls) but unfortunately we aren’t ready for that update as it uses the installer and we’re behind in our implementation.

I did find something to get to my main goal of killing the WHOLE session, which was to add the following code to the “logoff” page:

session.invalidate();

It’s getting me by until I discover a better solution.

5

U can use stateless parameter if the service that is been called is independent. Not sure if i understood yourissue completely.